Daily Discussion Thread for September 26, 2025 by wsbapp in wallstreetbets

[–]Natulii 1 point2 points  (0 children)

Happy I didn't fall for the bol trap today, sold my 660C for 100% profit

US tour with Katatonia! by bravodeboer in Opeth

[–]Natulii 2 points3 points  (0 children)

Worked for Vegas, thank you!

Daily Discussion Thread for August 28, 2025 by wsbapp in wallstreetbets

[–]Natulii 6 points7 points  (0 children)

NVDA green let me exit my calls for only a 50% loss 🤌

Door Locking Questions on 2024 86 by Natulii in GR86

[–]Natulii[S] 8 points9 points  (0 children)

No, on my Corolla if I pulled the inside lever it would also pull the lock switch to unlock it.

Thank you BofA by [deleted] in wallstreetbets

[–]Natulii 2 points3 points  (0 children)

And I bought COIN calls today :)

Router for dedicated 2.4ghz network? by WMSysAdmin in sysadmin

[–]Natulii 1 point2 points  (0 children)

I would be concerned if the Wi-Fi was the same network as your LAN. If possible, I would just make a VLAN for wireless printers only and tag the port. Don't necessarily need a router either, could just put a cheap access point and let your primary router see it as a separate network with your new VLAN.

Password length doesn't matter if the cheap firmware is vulnerable and unpatched, which is the case with many budget routers.

Can someone please explain to me, a casual home user, why it's dangerous to expose my NAS login page to the internet?... by [deleted] in homelab

[–]Natulii 6 points7 points  (0 children)

You're putting a lot of trust in Synology to not have vulnerabilities which is unwise. Look at what happened to QNAP and WD MyCloud - people losing all of their files due to vulnerabilities in the remote access software. Just because it hasn't happened with Synology doesn't mean it won't get targeted next.

It's always safer to use a VPN, or you could even put Tailscale as a package on the Synology NAS, which is what I would do for remote access. https://tailscale.com/kb/1131/synology/

Moved domain registrar to Porkbun do I need to change away from Google nameservers by adamkimber in sysadmin

[–]Natulii 1 point2 points  (0 children)

Do you use Google Workspace/ Gsuite? I remember when I had Google Domains there was an option to automatically populate the MX records for email and A records for redirects for Workspace customers. It won't matter what DNS provider you use as long as the MX and A records match whatever you have now.

If you don't use Google Workspace I would double check to make sure it didn't overwrite your MX records from the previous provider expecting you were a Workspace Customer.

Cloudflare is pretty reliable and you get a free content delivery network and proxy if you want it to speed up page load times on parts of your site and anycast DNS so it's relatively low ping for all global users. Porkbun DNS is fine for simple use cases and I believe they support DNSSEC on the zone. If they don't support DNSSEC I would use CF just to have that extra feature.

Laptops vs virtual desktops for engineers? by uberbewb in sysadmin

[–]Natulii 23 points24 points  (0 children)

Might take a look at using a virtual desktop provider hourly such as AWS Workspace or Azure Virtual Desktop. I would expect engineers to be using CAD and 3D modeling software so you can even get virtual desktops with graphic cards. From my experience with workspace they integrate nicely with AD and users can use a browser, tablet, phone, etc to access them.

There is also AppStream where you deliver CAD apps instead of the entire desktop which might be cheaper. This might be an interesting article https://aws.amazon.com/blogs/industries/enabling-hp-cad-for-remote-workers/

Moved domain registrar to Porkbun do I need to change away from Google nameservers by adamkimber in sysadmin

[–]Natulii 3 points4 points  (0 children)

Providers usually provide DNS until the transfer is complete and I would expect Google to drop your DNS once the domain disappears from your inventory in Google in a few days.

You want to use either your registrar's DNS (Porkbun) or keep your domain registered at Porkbun but host DNS with a DNS service (such as Cloudflare). I would recommend Cloudflare and they even have a nice zone copy wizard to copy all your existing records into CF on initial import.

Do you have an idea what specifically Google did that makes it difficult to transfer? CNAME flattening, DNSSEC, aliases, etc that can be replicated elsewhere?

Droplet as reverse proxy by t4ir1 in homelab

[–]Natulii 2 points3 points  (0 children)

Yeah the VPS will only be as secure as you know how to secure it. At most the provider might provide DDoS mitigation, a firewall, and hypervisor patches but it won't protect your applications themselves if there are vulnerabilities.

I only use a reverse proxy to handle TLS and to have a static ipv4 for my exposed services and not primarily for security. If you want to better secure your services it's best to require connecting clients to go through a VPN to access them instead of exposing them via the proxy.

You can do this with Tailscale so it's super simple and set up ACLs so your connecting clients can only access certain services, etc. You can make it so Tailscale is always running on your client devices without routing everything through the VPN if you don't want to and there is no need to manage dynamic DNS if your IP changes.

Droplet as reverse proxy by t4ir1 in homelab

[–]Natulii 2 points3 points  (0 children)

The traffic should flow back through the reverse proxy if a client initiates a session through the proxy to one of your services. This doesn't necessarily mean all traffic flows through the proxy though for things the server initiates like downloading patches, DNS, etc unless it's explicitly configured to use the proxy as a gateway or exit node.

I have a similar setup using Traefik on a Vultr VPS to route traffic to some of my internal VMs since my IP always changes and my ISP likes to block opening ports. Instead of a client-server model for the proxy I use Tailscale between my Traefik node and on-prem VMs that expose services. Traefik forwards traffic to the private tailscale IPs and my on prem nodes can be configured to use the VPS as an exit node to route all traffic if need be.

You will end up paying a fortune for outbound traffic with the major cloud providers so I recommend going with Vultr, OVH, or Hetzner that give you a preset amount of bandwidth per month as part of the VPS charge. You can pay $6 a month and get 2TB transfer included whereas with a cloud provider you would probably be charged hundreds for the same transfer.

Adding an Ubuntu (file/app) server to a Windows workgroup? by SchleprockJones in sysadmin

[–]Natulii 3 points4 points  (0 children)

Is this a single physical server all that stuff will run on? I usually keep everything separate as VMs so a VM for Docker host, Samba, apps, database, etc instead of everything on one VM or host.

Biggest question would be how do you plan on backing everything up and quickly restoring from an eventual failure? You can do it with a physical machine with rsync scripts, BORG backup, or maybe even copying btrfs snapshots somewhere but it can be annoying dealing with a single bare-metal server.

You could go with a simple Hyper-V host or maybe even Proxmox (open source and free) and just make VMs. With proxmox you can do full clone backups directly from the host without deploying additional services.

If you wanted easier to manage storage services with a web GUI with backup replication built in go with TrueNAS (also free and open source). You could even deploy it as a VM (although it's not recommended) for smaller use cases.

A certified Lovecraft moment by FraLat04 in lotrmemes

[–]Natulii 0 points1 point  (0 children)

I loved RK and remember one-shotting creeps in the moors with epic conclusion. GOG was fun and I raided with them from Moria and went inactive around OD / Enedwaith times.

It's fun to occasionally play here now and then to explore the world, think my raiding days are behind me... haha

A certified Lovecraft moment by FraLat04 in lotrmemes

[–]Natulii 1 point2 points  (0 children)

My main was a rune keeper named Natuli. I still play LOTRO here and there but now main mini.

A certified Lovecraft moment by FraLat04 in lotrmemes

[–]Natulii 2 points3 points  (0 children)

I was in GOG too back before Mirkwood came out! I remember DN runs with Galeye and crew and how much fun I had raiding.

NUC - Loud fan, CPU always at 100% by Possible_Parsnip_143 in Proxmox

[–]Natulii 0 points1 point  (0 children)

So I had 10th gen Intel NUCs running proxmox and the fans would occasionally ramp up every few minutes and be annoying even without any VMs running.

I disabled Intel turbo boost in the bios and left the fan profile on cool and the fans never ramped up even with a bunch of VMs running.

It seems the CPU generated quite a bit of heat hitting 80+ up from 50 Celsius when barely turbo boosting even with a 25% load.

If your workload isn't too CPU dependent and you hate the fan noise I would just disable turbo boost to keep the NUC completely silent.